Статья 'Возможные направления развития международно-правовых институтов в области обеспечения глобальной кибербезопасности' - журнал 'Международное право' - NotaBene.ru
по
Journal Menu
> Issues > Rubrics > About journal > Authors > About the Journal > Requirements for publication > Editorial collegium > Peer-review process > Policy of publication. Aims & Scope. > Article retraction > Ethics > Online First Pre-Publication > Copyright & Licensing Policy > Digital archiving policy > Open Access Policy > Article Processing Charge > Article Identification Policy > Plagiarism check policy
Journals in science databases
About the Journal

MAIN PAGE > Back to contents
International Law
Reference:

Possible directions of development of international legal institutions in the field of global cybersecurity

Gorelik Il'ya Borisovich

Postgraduate student, Department of International Law, Diplomatic Academy of the Russian Foreign Ministry

119021, Russia, Moscow, Ostozhenka str., 53/2, p. 1

gorelik.ilya@yandex.ru
Other publications by this author
 

 

DOI:

10.25136/2644-5514.2023.2.40618

EDN:

UZESRS

Received:

25-04-2023


Published:

02-05-2023


Abstract: The author discusses possible directions for the formation of a global international legal system for countering cybercrime and its further development. The results of the activities of international organizations in the development of international legal mechanisms for countering cybercrime are briefly analyzed. An attempt is being made to search for other international legal problems, the experience of solving which can act as a conceptual basis for the formation of a global international legal system for ensuring cybersecurity. The main characteristics of modern digital information and communication systems, especially Internet technologies, are investigated. An attempt is made to create a theoretical model of international legal regulation of countering modern digital threats based on the global nature of modern cyber threats.   The special role of international organizations in the development of international law is stated. The opinion is given about the current global digital information system covering the entire international community. A parallel is drawn between the conceptual foundations of the problem of money laundering and terrorist financing (ML/FT) and cybercrime. The conceptual similarity of these two problems with the justification of such a conclusion is stated. In this regard, it is proposed to use the organizational structure of the international legal framework for countering ML/FT as a conceptual basis for a similar counteraction to cybercrime. In particular, the article proposes to create a specialized international organization within the framework of the UN, whose activities will be devoted to ensuring global cybersecurity. It is proposed to use organizational bases similar to those used within the framework of the Intergovernmental Commission on Financial Monitoring as the basis of activity. In particular, the organization's activities are proposed to be carried out on the basis of a list of recommendations on improving national organizational and legal measures to counter threats in the field of digital technologies, as well as mechanisms for mutual assessment of member states.


Keywords:

international law, cybersecurity, cybercrime, international organizations, UN, FATF, anti-money laundering, recommendations, information technologies, convention

This article is automatically translated. You can find original text of the article here.

In modern conditions of rapid development and dissemination of information and communication technologies, the problem of organizing international legal regulation of countering the criminal use of digital technologies is becoming particularly acute. The problem of cybercrime has been recognized for a long time and has been repeatedly reflected in international law-making activities.The analysis of modern activities for the development of international law in the field of countering cybercrime allows us to come to the conclusion that one of its foundations are the initiatives of many international organizations.

A striking example of this phenomenon can be called the activities of the Council of Europe, which developed the Convention on Computer Crimes of 2001. (Budapest Convention) [3]. Over the next two decades, the Council also developed two additional protocols to the Convention – the First Additional Protocol on Criminalizing Racist and Xenophobic Acts Committed using Computer Systems [11], and the Second Additional Protocol on Strengthening Cooperation and Disclosure of Electronic Evidence [15].

Within the framework of another regional international organization, the European Union, an active elaboration of international legal agreements in the field of personal data protection was also carried out [10, p. 97]. In particular, a system of international legal norms was created, among which are the General Regulation of the European Parliament and the Council of Europe No. 2016/679 on the protection of personal data of individuals in 2016 [13], Regulation of the European Parliament and the Council of Europe No. 1725/2018 of October 23, 2018 on the protection of individuals in the processing of personal data by institutions, bodies departments and agencies and on the free circulation of such data [14], as well as Directive of the European Parliament and of the European Council No. 680/2016 of April 27, 2016 on the protection of individuals when processing personal data by competent authorities in order to prevent, investigate, detect or prosecute criminal offenses or in the execution of criminal penalties [12].

Work on the creation of international legal acts in the field of cybersecurity was also carried out within the CIS. In particular, in 2001, an Agreement on cooperation of the CIS member states in combating Crimes in the field of computer Information was created [8], which later ceased to be effective due to the adoption of a new document in a similar area - the Agreement on Cooperation of the CIS member States in Combating Crimes in the Field of Information Technology in 2018. [9]

Similar work was carried out within the framework of other regional international organizations, such as the SCO, ASEAN, the African Union, the League of Arab States, etc. [2, p. 33]

Within the framework of the UN, work on the development of the legal framework for countering cybercrime was carried out on the basis of the activities of a specialized organization – the International Telecommunication Union, which developed a Global Cybersecurity Program in 2008 [1] and a Guide on Understanding Cybercrime for Developing Countries in 2009 [6]. Moreover, at the initiative of Russia, two specialized groups were created at the UN – an Open-ended Working Group (OEWG) and a Group of Governmental Experts (GGE). The main results of the activities of these groups were formalized in the form of resolutions of the UN General Assembly "Achievements in the field of information and telecommunications in the context of international security".

Thus, the activities of international organizations in the development of international legal mechanisms for ensuring cybersecurity seem to be the basis for the development of international law in this area. However, despite the significant contribution of the organizations mentioned earlier, one serious problem can be identified at the moment – the lack of a global legal framework for international legal counteraction to cybercrime.

According to the author, in the context of cybersecurity, it is especially important to form a global international legal system for ensuring information security and, in particular, combating cybercrime. This opinion is justified by the specific characteristics of cybercrime associated with the mechanics of the functioning of modern digital technologies. As you know, modern information and communication technologies (ICT) have the ability to quickly distribute data over long distances. Given the almost ubiquitous spread of ICT – in particular, the spread of Internet technologies - this leads to the fact that the international community, in fact, becomes one global information system. Due to the uneven technological development of some states and regions, this system is very branched and heterogeneous, but it still exists at the global level and covers all regions of the world. This circumstance leads to the fact that data exchange within the framework of ICT networks can be carried out everywhere and regardless of the specific jurisdiction.

This feature is a significant problem for the reason that each act of criminal use of ICT can simultaneously affect several jurisdictions at once, and even not located within the same region. However, given the differences in approaches to legal counteraction to cybercrime and the organization of investigations, joint activities of interested states are significantly hampered by the lack of unity of command. Moreover, if we consider the modern international community as a global information system, it is also necessary to take into account one of the basic principles of information security theory, according to which the level of protection of some information system is equal to the level of protection of the most unprotected element of such a system [4, p. 238]. When considering the international community in this way, the role of elements of the global information system is played by individual States and ICT complexes under their jurisdiction. This means that even if there are some regions within which legal measures to ensure information security are effectively implemented, the real level of their security will ultimately remain low due to the absence or ineffective implementation of similar legal measures in other regions. Thus, the problem of ensuring international cybersecurity (at least in the context of international law) will remain unresolved as long as there are States and regions in which effective legal mechanisms for countering cybercrime are not implemented. Such a result can be achieved only if appropriate international agreements are created regulating the cooperation of the parties and requiring the criminalization of typical criminal acts in the field of ICT. Moreover, given the global scale of the established information system, such international legal mechanisms should be created and implemented not within individual regions, but on a global scale.

In connection with this opinion, the question arises as to how exactly such activities should be organized. On the one hand, within the framework of the UN, work is already underway to create a global system for countering cybercrime, which, in particular, includes the activities of the SGE and the OEWG, as well as Russia's initiatives related to the development of draft universal conventions on combating cybercrime – the draft UN Convention on Cooperation in Countering Information Crime 2017. [7] and the draft UN Convention on Countering the Use of Information and Communication Technologies for Criminal Purposes 2019. [5] On the other hand, such activities can be optimized in some way.

When considering possible ways to overcome this problem, you can rely on the experience of solving similar issues. One of these may be the problem of money laundering and terrorist financing (ML/FT). Despite the fundamental differences in the essence of the phenomena of ML/FT and cybercrime, according to the author, conceptually the problem of ML/FT has similarities with the problem of cybercrime. For example, known methods of money laundering often involve financial transactions involving the banking systems of many different states – and especially in this context, countries where anti-ML/FT (AML/CFT) measures are not effectively implemented are attractive to criminals. In addition, offshore zones are often used for ML/FT, on the territory of which conditions are implemented to preserve the anonymity of company owners or to accompany their activities with minimal reporting. Here we can draw an analogy with the use of digital technologies that ensure the anonymity of Internet users and encrypt their traffic (for example, VPN services). Or the use of the digital infrastructure of states in which information security measures have not been implemented effectively enough in order to commit cyber attacks or other illegal acts in the field of ICT from their territory.

In addition, financial transactions, the real purpose of which is the implementation of ML /FT, are often carried out using as many financial organizations as possible, transferring funds in complex and branched ways, regularly splitting and combining the transferred amounts. Such acts are carried out by criminals specifically in order to confuse law enforcement agencies and slow down the investigation of the facts of ML/FT. In this case, a suitable analogy from the field of cybersecurity may be the branching of Internet networks, which also make it much more difficult to find the original source of a criminal act and determine jurisdiction in the investigation of a crime. At the same time, the branching of the global financial system can be comparable to the branching of Internet networks.

In connection with the described features, it seems that the AML/CFT problem is conceptually similar in many respects to the problem of cybercrime. At the same time, it is important to note that, as in the case of national legal measures to combat cybercrime, national legal mechanisms in the field of economic security may also differ depending on the jurisdiction. Despite this, it was possible to implement an AML/CFT system at the international level, which presupposes active cooperation of States on this issue, as well as the development of unified legal measures within national jurisdictions. Namely, the Intergovernmental Commission on Financial Monitoring (also known as the Financial Action Task Force on Money Laundering or FATF) was established. The essence of the activity of this organization assumed the cooperation of the member states in order to develop measures to jointly counter ML/FT, as well as to optimize national legislation in order to increase the effectiveness of such activities. The basis for the implementation of such tasks were the recommendations developed by the FATF on the implementation by Member States of appropriate organizational and legal measures, compliance with which will increase the effectiveness of AML/CFT in each individual participating State and, thus, reduce the global threat of ML/CFT.

In this regard, it seems that at the global level, the solution to the problem of comprehensive cybersecurity can be implemented in a similar way. Taking into account the conceptual similarities between ML/FT and cybercrime described above, one of the possible ways to increase the level of global cybersecurity may be the creation of a specialized international organization in the field of information security, the principle of which will duplicate the organizational structure of the FATF.

The basis for the activities of such an organization – as in the case of the FATF – could be made up of recommendations developed by member States. Among these may be, for example, recommendations on the introduction into national legal systems of provisions imposing restrictions on the use of technologies that mask Internet traffic. Other such recommendations may be provisions recommending participating States to create specialized organizations within their jurisdictions that carry out a continuous analysis of national trends in current cybercrime problems, on the basis of which new legal measures will be developed in the future. Also, an important recommendation provision is the criminalization of a number of typical topical types of cybercrime. At the same time, it seems advisable to regularly review the list of recommendations in order to update it in accordance with newly emerging digital threats.

In addition, it is advisable to include in such an international organization a constantly functioning expert analytical center that collects information from participating States on national cybersecurity problems. The result of the work of such a center may be proposals for improving and updating existing international legal mechanisms in connection with the emergence of new threats in the field of ICT. Since digital technologies are constantly evolving, and their structure is becoming more complex, the work of such a unit is particularly important in order to maintain effective and adequate international legal regulation of countering cyber threats. At the same time, according to the author, it is important to carry out the work of such a unit on the basis of a permanent dialogue not only between the participating states, but also on the basis of a dialogue between specialists in the field of jurisprudence and specialists in the field of information technology. It seems that such an organization principle will allow developing legal measures that best meet modern trends in the development of digital technologies. In addition, such an approach can help bring together specialists of various disciplinary fields in the context of understanding the problem of legal regulation of information technologies. In the future, this will contribute to raising standards for the development of secure digital technologies on the one hand and the development of adequate legal norms on the other.

Another effective mechanism that can be implemented within the framework of such an international organization may be a regular expert assessment of the level of cybersecurity within the national jurisdictions of the member States (by analogy with the system of mutual assessments of national AML/CFT systems in the FATF). For such activities, a separate working group may be established in the organization, engaged in the implementation of such assessments, regularly conducting audits in randomly selected Member States, as well as compiling a safety rating among the member parties.

At the same time, it is especially important to build all the activities of the proposed organization on the basis of the basic principles of international law. In particular, it is necessary to emphasize separately the requirement for participating States to respect the sovereignty of other members. The provision on the need to respect the sovereignty of member States and respect for it should be separately enshrined in the statute of an international organization regulating its activities.

Thus, it seems that the creation of an international organization with such a working structure can significantly stimulate the formation and further development of an international legal system for countering cybercrime. At the same time, according to the author, it is especially important that the activities of such an organization extend far beyond specific regions and potentially cover as many states as possible. In this regard, it would be advisable to ensure the work of the organization within the framework of the UN. It is also important to provide special conditions for the membership of developing countries and to provide them with all possible assistance in the implementation of the organizational and legal measures being developed.

On the one hand, the author is aware of the exceptional complexity in creating a global international legal system of information security. Differences in national approaches to legal regulation and levels of technological development, as well as political contradictions, can slow down the process of forming a global legal system of cybersecurity. In this regard, it seems more likely in the near future to create international legal regional centers for countering cybercrime, formed on the basis of many regional organizations. On the one hand, such a direction of development can become an effective solution to the problem of international cybercrime, which will simplify the processes of interstate investigations, as well as bring together national legislation within individual regions. However, taking into account the global scale of the existing information system, it still seems necessary to provide an optimal basis for the development of a common international legal system that is not limited to individual regions.

At the same time, the creation of a specialized international organization seems to be one of the most promising directions in solving this issue. The history of the development of international law clearly demonstrates that the creation of various specialized international organizations – such as the International Maritime Organization, the International Civil Aviation Organization, the International Telecommunication Union, etc. – significantly contribute to the optimization of the development of international legal regulation in specific areas of life. Within the framework of such organizations, States jointly analyze common problems, develop international treaties that take into account the positions of interested parties, and contribute to the convergence of national regulatory approaches. In this regard, given the global scale of the spread of digital technologies and the multidirectional nature of the threats associated with it, it seems particularly relevant to create a similar organization in the field of global cybersecurity.

References
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
13.
14.
15.

Peer Review

Peer reviewers' evaluations remain confidential and are not disclosed to the public. Only external reviews, authorized for publication by the article's author(s), are made public. Typically, these final reviews are conducted after the manuscript's revision. Adhering to our double-blind review policy, the reviewer's identity is kept confidential.
The list of publisher reviewers can be found here.

A REVIEW of an article on the topic "Possible directions for the development of international legal institutions in the field of global cybersecurity." The subject of the study. The article proposed for review is devoted to topical issues of the development of international legal institutions in the field of global cybersecurity. The author summarizes the experience of a number of international organizations in the field of preparation of legal acts affecting aspects of global cybersecurity. The subject of the study was the provisions of international legal acts, the opinions of scientists, and the practice of international organizations. Research methodology. The purpose of the study is not stated directly in the article. At the same time, it can be clearly understood from the title and content of the work. The goal can be designated as the consideration and resolution of certain problematic aspects of the issue of promising directions for the development of international legal institutions in the field of ensuring global cybersecurity. Based on the set goals and objectives, the author has chosen a methodological basis for the study. In particular, the author uses a set of general scientific methods of cognition: analysis, synthesis, analogy, deduction, induction, and others. In particular, the methods of analysis and synthesis made it possible to summarize and share the conclusions of various scientific approaches to the proposed topic, as well as draw specific conclusions from the materials of the practice of various international organizations. The most important role was played by special legal methods. In particular, the author actively applied the formal legal method, which made it possible to analyze and interpret the norms of current legislation (primarily the provisions of international legal acts). For example, the following conclusion of the author: "Within the framework of another regional international organization, the European Union, international legal agreements in the field of personal data protection were also actively developed [10, p. 97]. In particular, a system of international legal norms was created, among which are the General Regulation of the European Parliament and the Council of Europe No. 2016/679 on the protection of personal data of individuals in 2016 [13], Regulation of the European Parliament and the Council of Europe No. 1725/2018 of October 23, 2018 on the protection of individuals in the processing of personal data by institutions, authorities departments and agencies and on the free circulation of such data [14], as well as Directive of the European Parliament and of the European Council No. 680/2016 of April 27, 2016 on the protection of individuals when processing personal data by competent authorities in order to prevent, investigate, detect or prosecute criminal offenses or in the execution of criminal penalties [12]". Another example is when the author compares the practice of various international organizations: "Within the framework of the United Nations, work on developing the legal framework for countering cybercrime was carried out on the basis of the activities of a specialized organization – the International Telecommunication Union, which developed the Global Cybersecurity Program in 2008 [1] and a Guide to Understanding Cybercrime for developing Countries in 2009 [6]. Moreover, at the initiative of Russia, two specialized groups were created at the UN – the Open-ended Working Group (OEWG) and the Group of Governmental Experts (GGE). The main results of the activities of these groups were formalized in the form of resolutions of the UN General Assembly "Achievements in the field of information and telecommunications in the context of international security". Thus, the methodology chosen by the author is fully adequate to the purpose of the study, allows you to study all aspects of the topic in its entirety. Relevance. The relevance of the stated issues is beyond doubt. There are both theoretical and practical aspects of the significance of the proposed topic. From the point of view of theory, the topic of ensuring global cybersecurity is complex and ambiguous. In the modern world, threats in the digital environment are dangerous both in the field of ensuring personal rights and freedoms (for example, in the field of personal data protection, privacy), and directly in connection with the protection of property interests (fraud and other theft are often committed using the capabilities of the digital environment). However, due to the globality of the online space, solving the problem is possible only at the supranational international level, which, given the current economic and political situation, seems to be a difficult task to solve. The author is right to highlight this aspect of relevance. On the practical side, it should be recognized that it is necessary to search for mechanisms to improve international legal regulation in this area. The examples given by the author in the article from the practice of various international organizations demonstrate this issue. Thus, scientific research in the proposed field should only be welcomed. Scientific novelty. The scientific novelty of the proposed article is beyond doubt. Firstly, it is expressed in the author's specific conclusions. Among them, for example, is the following conclusion: "the author is aware of the exceptional complexity in creating a global international legal information security system. Differences in national approaches to legal regulation and levels of technological development, as well as political contradictions, can slow down the process of forming a global legal system of cybersecurity. In this regard, the creation of international legal regional centers for countering cybercrime, formed on the basis of a variety of regional organizations, seems more likely in the near future. On the one hand, such a development direction can become an effective solution to the problem of international cybercrime, which will simplify the processes of interstate investigations, as well as bring national legislation closer within individual regions. However, given the global scale of the existing information system, it still seems necessary to provide an optimal basis for the development of a common international legal system that is not limited to individual regions." Another conclusion is also important: "At the same time, the creation of a specialized international organization seems to be one of the most promising directions in solving this issue. The history of the development of international law clearly demonstrates that the creation of various specialized international organizations – such as the International Maritime Organization, the International Civil Aviation Organization, the International Telecommunication Union, etc. – significantly contribute to optimizing the development of international legal regulation in specific areas of life. Within the framework of such organizations, States jointly analyze common problems, develop international treaties that take into account the positions of interested parties, and promote the convergence of national regulatory approaches. In this regard, given the global scale of the spread of digital technologies and the multidirectional nature of the threats associated with it, it seems especially relevant to create a similar organization in the field of global cybersecurity." These and other theoretical conclusions can be used in further scientific research. The above conclusions may be relevant and useful for law-making activities. Thus, the materials of the article may be of particular interest to the scientific community in terms of contributing to the development of science. Style, structure, content. The subject of the article corresponds to the specialization of the journal "International Law", as it is devoted to legal problems related to the directions of development of international legal norms and regulations in a certain area (ensuring global cybersecurity). The content of the article fully corresponds to the title, as the author considered the stated problems and achieved the research goal. The quality of the presentation of the study and its results should be recognized as fully positive. The subject, objectives, methodology and main results of the study follow directly from the text of the article.
The design of the work generally meets the requirements for this kind of work. No significant violations of these requirements were found. Bibliography. The quality of the literature used should be highly appreciated. The author actively uses the literature presented by authors from Russia and abroad (Gorelik I.B., Maximov A.M., Tishchenko E.N., Yastrebova A.Yu., Akchurin T.F., Anisimov I.O., Gorelik I.B. and others). Thus, the works of the above authors correspond to the research topic, have a sign of sufficiency, and contribute to the disclosure of various aspects of the topic. Appeal to opponents. The author conducted a serious analysis of the current state of the problem under study. All quotes from scientists are accompanied by author's comments. That is, the author shows different points of view on the problem and tries to argue for a more correct one in his opinion. Conclusions, the interest of the readership. The conclusions are fully logical, as they are obtained using a generally accepted methodology. The article may be of interest to the readership in terms of the systematic positions of the author in relation to the issues of promising directions for the development of international legal institutions in the field of ensuring global cybersecurity. Based on the above, summing up all the positive and negative sides of the article, "I recommend publishing"
Link to this article

You can simply select and copy link from below text field.


Other our sites:
Official Website of NOTA BENE / Aurora Group s.r.o.